What is Incident Management?
Incident Management is the procedure and method of handling an incident that occurs. An incident may be any specific violation of a policy or condition, or a similar event.
Similarly, in information security, incident response is the set of remediation actions or steps taken in response to an incident, from the identification of an event, threat or attack through its removal or elimination (when the system becomes stable, secure and functional again).
Incident Response Management defines the roles and responsibilities of penetration testers, users or employees of an organization. Additionally, incident response management defines the actions required when a system is facing a threat to its confidentiality, integrity, authenticity or availability, depending upon the threat level.
The first thing to remember is that when a system is dealing with an attack, it requires sophisticated, dedicated troubleshooting by an expert. While responding to the incident, the professional collects evidence, information and clues that help prevent future incidents, trace the attacker and find the holes and vulnerabilities in the system.
Types of Incident
Incidents are generally categorized by low, medium and high priorities. Low-priority incidents do not interrupt end users, who typically can complete work despite the issue. Medium-priority incidents are issues that affect end users, but the disruption is either slight or brief. High-priority incidents, however, are issues that will affect large amounts of end users and prevent the proper functioning of a system.
Incidents are classed as hardware, software or security, although a performance issue can often result from any combination of these areas. Software incidents typically include service availability problems or application bugs. Hardware incidents typically include downed or limited resources, network issues or other system outages. Security incidents encompass attempted and active threats intended to compromise or breach data. Unauthorized access to personally identifiable records is a security issue.
Incident Management Process
Incident Response Management processes include:
1. Preparation for Incident Response
2. Detection and Analysis of Incident Response
3. Classification of an incident and its prioritization
4. Notification and Announcements
5. Forensic Investigation of an Incident
6. Eradication and Recovery
7. Post-Incident Activities
Responsibilities of Incident Response Team
The Incident Response team consists of members who are well aware of how to deal with incidents. This response team consists of trained officials who are experts in collecting information and securing all evidence of an attack from the affected system. As far as the membership of the Incident Response team is concerned, it includes IT personnel, HR, Public Relations officers, Local Law Enforcement, and the Chief Security Officer.
- The major responsibility of this team is to take action according to the Incident Response Plan (IRP). If no IRP is defined, or it is not applicable to the case, the team has to follow the leading examiner to perform a coordinated operation.
- Examination and evaluation of the event, and determination of the damage or scope of the attack
- Document the event and the processes followed.
- If required, take the support of an external security professional or consultant.
- Fact collection
Incident Management Tools
Help desk and incident management teams rely on a mix of tools to resolve incidents, including monitoring tools to gather operations data, root cause analysis systems, incident management and automation platforms, and other support products.
Monitoring tools enable an IT staff to pull operations data from across multiple systems, such as on-premises or cloud-based hardware and software. Root cause analysis tools help sort through operational data, such as logs, which were collected by systems management, application performance monitoring and infrastructure monitoring tools. Root cause analysis tools help in understanding how a system operates and where any incidents reside.
Incident response tools correlate that monitoring data and facilitate response to events, typically with a sophisticated escalation path and method to document the response process. PagerDuty, VictorOps and xMatters are examples of incident management tools. PagerDuty establishes escalation policies, as well as creates automated workflows and alerts users of incidents based on preconfigured parameters.
ITSM service desk tools log data such as what the incident was, its cause and what steps were taken to solve the incident. ServiceNow and Zendesk are two major vendors in this space. ServiceNow Incident Management is a root cause analysis and auditing tool that can both log and prioritize IT incidents. ServiceNow can prioritize incident events through a self-service portal, email, incoming events and more. It logs incidents by the instance, classifies them by level of impact and urgency, escalates as required and performs analysis for future improvements.
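As an added example (not code from the original post or from any of the vendors named above), here is a small Python triage routine that applies the low/medium/high priority scheme and the hardware/software/security classification described earlier, then escalates and documents the incident the way a service desk tool would. The share-of-users thresholds, the "brief" cut-off and the escalation contacts are assumptions for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Priority(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class Incident:
    ident: str
    category: str            # "hardware", "software" or "security"
    users_affected: int      # impact: how many end users notice the issue
    total_users: int
    disruption_minutes: int  # urgency: how long users are disrupted
    service_down: bool       # proper functioning of the system is blocked
    pii_exposed: bool = False
    log: list = field(default_factory=list)   # documentation trail


# Assumed thresholds; tune them to your own environment.
MAJOR_SHARE = 0.5     # "large amounts of end users"
MINOR_SHARE = 0.1     # disruption is "slight"
BRIEF_MINUTES = 30    # disruption is "brief"

# Assumed escalation policy, in order of notification.
ESCALATION = {
    Priority.LOW: ["service desk"],
    Priority.MEDIUM: ["service desk", "on-call engineer"],
    Priority.HIGH: ["service desk", "on-call engineer", "incident manager"],
}


def prioritize(inc: Incident) -> Priority:
    """Assign low/medium/high priority from impact and urgency."""
    if inc.category == "security" and inc.pii_exposed:
        return Priority.HIGH      # unauthorized access to PII is always high
    if inc.users_affected == 0:
        return Priority.LOW       # end users can still complete their work
    share = inc.users_affected / max(inc.total_users, 1)
    if inc.service_down and share >= MAJOR_SHARE:
        return Priority.HIGH      # system unusable for a large share of users
    if share < MINOR_SHARE or inc.disruption_minutes <= BRIEF_MINUTES:
        return Priority.MEDIUM    # disruption is slight or brief
    return Priority.HIGH


def triage(inc: Incident) -> tuple:
    """Classify, escalate and document one incident; returns (priority, notified)."""
    prio = prioritize(inc)
    notified = list(ESCALATION[prio])
    if inc.category == "security" and prio is Priority.HIGH:
        notified.append("chief security officer")   # CSO sits on the IR team
    inc.log.append(f"{inc.ident}: {inc.category}, priority {prio.name}, notified {notified}")
    return prio, notified
```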